[tor-dev] Tor Attack Implementations (Master's Thesis: Tor & Mixes)

Florian Rüchel florian.ruechel.tor at inexplicity.de
Tue Feb 3 12:04:30 UTC 2015


Hi everyone,

I have taken some time and considered my topic for the Master's Thesis.
I have finally decided to write it on integrating high-latency traffic
with the Tor low-latency network (see also my initial mail and George's
response[1]).

My primary research goal is to determine the impact of a mix network
inside Tor, especially on low-latency users of the network. For this, I
plan to use shadow [2] with scallion to simulate the Tor network. I then
want to integrate Mix features into the network and see how the network
reacts to certain attacks, attacking the mix users as well as the
non-mix users. A crucial part in this evaluation will be to determine
whether the anonymity of regular Tor users might be reduced (for example
just by drawing away users from low- to high-latency traffic) or whether
it might actually be improved (it could attract more users into the same
network).

However, for this evaluation/simulation to work, I need to attack my
simulation, i.e. become the adversary and measure the effectiveness of
my attacks. And for this, I need the actual implementation. So if anyone
has access or can direct me to implementations that I can use, I would
be glad for your help.

It would also help me a lot if you can direct me to papers or articles
that have shown specific attacks that are known to work on the current
network.

Finally, I am currently considering using Mixminion as my basis for a
mix network as it seems well designed and addresses a lot of known
attacks. I currently do not plan to evaluate its security but instead
only the effect its usage has on attacks that work on regular Tor users.
However, if anyone can propose a better mix network to base my work on,
please let me know.

Thanks to everyone for your support.

Regards,
Florian Rüchel

[1] https://lists.torproject.org/pipermail/tor-dev/2014-December/007913.html

[2] http://shadow.github.io



>> Certificates for HS: I find this topic particularly interesting and have
>> followed the discussion. The general concept seems like a great thing to
>> achieve and it could actually outperform the regular SSL/CA
>> infrastructure stuff as it could remove the need for CAs. Unfortunately,
>> this seems something that is not extensive enough to warrant a whole
>> thesis. If you guys think otherwise, please let me know.
>>
>> Tor with mix features: Tor has the explicit goal of being a low-latency
>> network. However, there are several protocols where high-latency would
>> be acceptable. I liked the idea of high latency HSes
>> (https://lists.torproject.org/pipermail/tor-dev/2014-November/007818.html).
>> I'd like to know what you think about this idea being viable. It would
>> have the advantage of being very flexible from just a theoretic
>> evaluation down to a real implementation so I could adjust this to my
>> time. But only if this is actually desired so it does not need to stay
>> theoretic. I think it would be very interesting to evaluate whether this
>> can improve or hurt anonymity of low-latency users, as well.
>
> I agree. Very interesting area. I'm hoping for Tor to move the area
> forward during the next one year. We will see.
>
> Parallel research would be good. Some ideas to move forward:
> https://lists.torproject.org/pipermail/tor-dev/2014-November/007859.html
>



More information about the tor-dev mailing list